Commit Graph

214 Commits

Author SHA1 Message Date
Asger F
9a9bbac99e TypeScript: support syntax for unknown types 2018-08-22 10:18:38 +01:00
Asger F
4a9eb0fd3f TypeScript: Add tests for OptionalTypeExpr and RestTypeExpr 2018-08-22 10:18:38 +01:00
Asger F
241ce10da4 TypeScript: support syntax for rest elements in tuple types 2018-08-22 10:18:38 +01:00
Asger F
204b2a3002 TypeScript: support syntax for optional tuple type elements 2018-08-22 10:18:38 +01:00
semmle-qlci
7e7e30c01c Merge pull request #73 from esben-semmle/js/cleartext-logging-query
Approved by xiemaisi
2018-08-22 08:04:36 +01:00
semmle-qlci
7661a98909 Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference
Approved by xiemaisi
2018-08-22 08:02:27 +01:00
semmle-qlci
bcfd02f62d Merge pull request #85 from esben-semmle/js/format-string-taint-step
Approved by xiemaisi
2018-08-21 21:47:53 +01:00
Esben Sparre Andreasen
2b9f5c3fa2 JS: remove check for test-environment in js/clear-text-logging 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
3636708d30 JS: extract and expose StringConcatenationTaintStep in TaintTracking 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
7607b6beff JS: use DataFlow::SourceNode in two additional locations 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
6950bfe915 JS: review fixups in documentation and comments 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
605695e117 JS: review fixups in documentation 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen
19e5db75a3 JS: make AnalyzedFunction public and move getAReturnValue there 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen
ac947f10e7 JS: address some review comments 2018-08-21 22:08:08 +02:00
Esben Sparre Andreasen
21c895368d JS: change notes for improved inter-procedural type inference 2018-08-21 22:07:40 +02:00
Esben Sparre Andreasen
6f5fb2a9fe JS: update queries and tests for improved type inference 2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen
3692667af2 JS: improve inter-procedural type inference for "local functions" 2018-08-21 22:07:11 +02:00
Esben Sparre Andreasen
4e45ad2d5a JS: generalize inter procedural IIFE type inference 2018-08-21 21:59:30 +02:00
Nick Rolfe
44ae7b68f0 Merge pull request #63 from ian-semmle/unused_db_types
C++: Remove some unused DB types
2018-08-21 18:27:35 +01:00
Jonas Jensen
3bc9323844 Merge pull request #84 from rdmarsh2/rdmarsh/cpp/macro-get-expr-conversions
C++: exclude conversion in MacroInvocation.getExpr
2018-08-21 19:15:42 +02:00
Jonas Jensen
2481bc7ba2 Merge pull request #72 from dave-bartolomeo/dave/InitMemory
C++: Make `InitializeParameter` and `Uninitialized` return memory results
2018-08-21 19:04:20 +02:00
Esben Sparre Andreasen
eb356d8d0b Merge branch 'master' into js/format-string-taint-step 2018-08-21 15:47:31 +02:00
semmle-qlci
6969466202 Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer
Approved by xiemaisi
2018-08-21 14:17:20 +01:00
Ian Lynagh
8a4040e4e0 C++: Update stats 2018-08-21 11:22:19 +01:00
Ian Lynagh
176b7cb8bc C++: Remove some unused DB types 2018-08-21 11:22:19 +01:00
Jonas Jensen
ea9bff00c0 Merge pull request #7 from ian-semmle/alg6un_squashed
C++: resolveElement
2018-08-21 11:35:45 +02:00
Jonas Jensen
cb51a4259f Merge pull request #3 from ian-semmle/getURL
C++: Make Folder.getURL() consistent with Folder.getLocation()
2018-08-21 11:07:52 +02:00
semmle-qlci
a01a453045 Merge pull request #78 from xiemaisi/js/remove-old-test
Approved by esben-semmle
2018-08-21 09:04:52 +01:00
Esben Sparre Andreasen
2d63524f83 JS: explain sanitizer equivalence 2018-08-21 09:54:32 +02:00
Esben Sparre Andreasen
f522376217 JS: mention string formatting taint step in change notes 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
c058b91587 JS: extract PrintfStyleCall out of TaintedFormatString 2018-08-21 09:02:35 +02:00
Robert Marsh
51bfb8db88 C++: exclude conversion in MacroInvocation.getExpr 2018-08-20 15:10:28 -07:00
Esben Sparre Andreasen
be8a32bb18 JS: add sanitizer support for ~whitelist.indexOf(x) 2018-08-20 20:32:57 +02:00
Ian Lynagh
0f350780bb C++: Make Folder.getURL() consistent with Folder.getLocation() 2018-08-20 19:01:31 +01:00
Dave Bartolomeo
f2053c488e C++: Make InitializeParameter and Uninitialized return memory results
The IR avoids having non-trivially-copyable and non-trivially-assignable types in register results, because objects of those types need to exist at a particular memory location. The `InitializeParameter` and `Uninitialized` instructions were violating this restriction because they returned register results, which were then stored into the destination location via a `Store`.

This change makes those two instructions take the destination address as an operand, and return a memory result representing the (un-)initialized memory, removing the need for a separate `Store` instruction.
2018-08-20 09:13:45 -07:00
Ian Lynagh
99dbbdf863 C++: Add some comments 2018-08-20 16:12:26 +01:00
Ian Lynagh
9c4d4f8732 C++: No need to cache so many predicates 2018-08-20 16:12:26 +01:00
Ian Lynagh
c241b081cb C++: Don't unresolve 'this'
For example, if you have 3 types called T, where t1 and t2 are defined
but t3 isn't, then you will have

    unspecifiedtype(t1, t1)
    unspecifiedtype(t2, t2)
    unspecifiedtype(t3, t3)

    t1 = resolve(t1)
    t1 = resolve(t3)
    t2 = resolve(t2)
    t2 = resolve(t3)

so given

    Type getUnspecifiedType() {
        unspecifiedtype(unresolve(this), unresolve(result))
    }

you get t1.getUnspecifiedType() = t2.

I think that in general the best thing to do is to not unresolve 'this',
but to just take the underlying value.
2018-08-20 16:12:26 +01:00
Ian Lynagh
a1e44041ec C++: Use mkElement/unresolveElement consistently 2018-08-20 16:12:26 +01:00
Ian Lynagh
34c9892f77 C++: isfromtemplateinstantiation test output change 2018-08-20 16:12:26 +01:00
Max Schaefer
46ef208e09 JavaScript: Remove spurious test file. 2018-08-20 15:02:51 +01:00
semmle-qlci
e1f3637b66 Merge pull request #75 from asger-semmle/server-side-url-redirect-performance
Approved by xiemaisi
2018-08-20 14:53:16 +01:00
Jonas Jensen
b931e88686 Merge pull request #67 from dave-bartolomeo/dave/CastToVoid
C++: Handle casts to `void` in IR
2018-08-20 15:45:11 +02:00
Jonas Jensen
5e6f34fa3c Merge pull request #64 from calumgrant/ql-style-guide
QL Style Guide
2018-08-20 15:31:51 +02:00
semmle-qlci
0adeef73ff Merge pull request #74 from xiemaisi/js/multi-step-export-from
Approved by asger-semmle
2018-08-20 12:36:26 +01:00
calum
08d0718ecc Update CONTRIBUTING.md and README.md to link to the QL Style Guide. 2018-08-20 11:06:22 +01:00
calum
529dbe08c8 Address review comments. Reformat bullet lists with capitals and remove trailing punctuation. 2018-08-20 11:00:35 +01:00
Max Schaefer
a27a14d0d3 Merge pull request #69 from asger-semmle/ts-typescript2.9
TypeScript: support for v2.9 features
2018-08-20 08:15:41 +01:00
Max Schaefer
b2e304951e Merge branch 'master' into ts-typescript2.9 2018-08-20 08:14:58 +01:00